diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
index 8fb75e9..f0231c3 100644
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@@ -5,6 +5,7 @@
 ];
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users = [ "leyla" ];
 # Enable networking
 networking.networkmanager.enable = true;
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index b705068..1608e4a 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -11,10 +11,6 @@
 ../../enviroments/server
 ];
- # home.sessionVariables = {
- # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt";
- # };
-
 users.leyla.isThinUser = true;
 boot.loader.grub = {
@@ -22,14 +18,11 @@
 zfsSupport = true;
 efiSupport = true;
 efiInstallAsRemovable = true;
- # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ];
- # mirroredBoots = [
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; }
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
- # ];
 };
+ virtualisation.docker.enable = true;
+ users.extraGroups.docker.members = [ "leyla" ];
+
 boot.supportedFilesystems = [ "zfs" ];
 boot.zfs.extraPools = [ "zroot" ];
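Review bot: In enviroments/common/default.nix the added `nix.settings.trusted-users = [ "leyla" ];` makes that account root-equivalent towards the Nix daemon on every host that imports the common environment, the server included; the Nix manual describes trusted-users membership as essentially equivalent to root access. A trusted user can supply its own substituters and have store paths accepted without the usual signature checks, and no sudo prompt sits in between. If the aim is remote deployment or an additional binary cache, consider setting this only on the hosts that need it, or using `nix.settings.trusted-substituters` together with pinned `trusted-public-keys`. At minimum the line deserves a comment such as `# trusted-users is root-equivalent for the nix daemon; needed for <reason>`.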
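Review bot: In hosts/defiant/configuration.nix the added `users.extraGroups.docker.members = [ "leyla" ];` next to `virtualisation.docker.enable = true;` gives that account passwordless root on the server, because access to the rootful Docker socket is enough to run containers with full access to the host filesystem. The same line is added in hosts/horizon/configuration.nix, where the preceding context (`setSocketVariable = true;`) looks like a rootless Docker block that starts outside the hunk; if rootless Docker is what is used there, the group membership is probably unnecessary. Consider `virtualisation.docker.rootless` on the server as well, or keep Docker access behind sudo. If the membership stays, document it with a comment such as `# docker group == root on this host`.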
@@ -72,6 +65,41 @@
 };
 };
+ fileSystems."/srv/nfs4/docker" = {
+ device = "/home/docker";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/users" = {
+ device = "/home/users";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/leyla" = {
+ device = "/home/leyla";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/eve" = {
+ device = "/home/eve";
+ options = [ "bind" ];
+ };
+
+ services.nfs.server.enable = true;
+ services.nfs.server.exports = ''
+ /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check)
+
+ /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide)
+ /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+
+ # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
+ # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ '';
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index 9eae057..230a83e 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -23,6 +23,7 @@
 setSocketVariable = true;
 };
 };
+ users.extraGroups.docker.members = [ "leyla" ];
 # Enable touchpad support (enabled default in most desktopManager).
 # services.xserver.libinput.enable = true;
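Review bot: In the `services.nfs.server.exports` string of hosts/defiant/configuration.nix the leyla, eve and share lines use `192.168.1.0/22` while the docker line uses `192.168.1.0/24`; a /22 containing that address spans 192.168.0.0–192.168.3.255, so the home directories are exported read-write to four times as many addresses as the docker data, which looks unintended. No `sec=` option is set, so the exports presumably fall back to `sec=sys`, where the server trusts whatever uid a client in that range presents. Narrowing each export to the specific client addresses, as the commented-out `/export` lines did, would be safer, e.g. `/srv/nfs4/leyla 192.168.1.10(rw,sync,no_subtree_check,nohide)`. The hunk also bind-mounts `/srv/nfs4/users` without exporting it and exports `/srv/nfs4/share` with no bind mount visible here, so one of the two names is probably a typo. No firewall rule for NFS appears in this hunk, so confirm where the NFS port is opened and to which networks.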
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index 5e39f80..d0a9a96 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -37,7 +37,7 @@ in
 if (cfg.isFullUser || cfg.isThinUser) then {
 isNormalUser = true;
 extraGroups = lib.mkMerge [
- ["networkmanager" "wheel" "docker" "users"]
+ ["networkmanager" "wheel" "users"]
 (
 lib.mkIf (!cfg.isThinUser) [ "adbusers" ]
 )